reports/GO-2020-0026.toml - vulndb - Git at Google

 package = "github.com/openshift/source-to-image/pkg/tar"

 description = """
 Malicious Zip and Tar archives can be crafted that contain relative
 file paths, such that arbitary files outside of the target directory
 may be overwritten.
 """

 cve = "CVE-2018-1103"

 symbols = ["stiTar.ExtractTarStreamFromTarReader", "stiTar.extractLink", "New"]

 [[versions]]
 fixed = "v1.1.10-0.20180427153919-f5cbcbc5cc6f"

 [links]
 commit = "https://github.com/openshift/source-to-image/commit/f5cbcbc5cc6f8cc2f479a7302443bea407a700cb"
 context = ["https://snyk.io/research/zip-slip-vulnerability"]
	package = "github.com/openshift/source-to-image/pkg/tar"

	description = """
	Malicious Zip and Tar archives can be crafted that contain relative
	file paths, such that arbitary files outside of the target directory
	may be overwritten.
	"""

	cve = "CVE-2018-1103"

	symbols = ["stiTar.ExtractTarStreamFromTarReader", "stiTar.extractLink", "New"]

	[[versions]]
	fixed = "v1.1.10-0.20180427153919-f5cbcbc5cc6f"

	[links]
	commit = "https://github.com/openshift/source-to-image/commit/f5cbcbc5cc6f8cc2f479a7302443bea407a700cb"
	context = ["https://snyk.io/research/zip-slip-vulnerability"]